I'm currently fiddling with loopback and I was wondering what is the best solution to check if an user is loggedIn.
I can check the validation of the token simply via REST. But I was wondering, if it would be useful to implement an heartbeat. If yes, what would be an good value? For example, check every 10sec if the token is still valid. Or is it better just to check when needed?
This is mostly done by checking the validity of access token provided in request headers for every API. You can then implement an automatic session recovery interceptor at the client side which detects when token expiry error comes in any API and then uses refresh token provided earlier to generate new set of tokens. I dont think it has got anything to do with loopback though. Its mostly on client side implementation.